Hi, This can be because user change was taking place in child system during your maintenance activity. Kindly Save the user again and try to re-distribute.
↧
Re: Maintenance of user locked by user CUA_PXX_100 error
↧
Re: UPGRADE_EHP7 - PFCG new version of screen
Hi Rajashekar and also Surya,
new alv functionality is available. (dispaly of changes, mass changes,....) Please check out SAP kba 2093770, 2093770 to see functional changes.
Switch back to the old look is also possible, on the auth-maint.-screen: menu->utilities->settings->'use ALV tree' (checked=new, unchecked=old)
b.rgds, Bernhard
↧
↧
Re: Delete Auth Object From SAP_ALL
There is an alternative for this, Please read the message form the popup when you try to delete the authorization object or the class which is already being used.
I took this alternative.
Step 1: go to su21
Step 2: select the the authorization object and go to edit.
Step 3: In the edit popup assign the authorization object class to obsolete AAAA.
Step 4: save and regenerate the SAP ALL.
Step 5: repeat step 1 to 3 but in step 3 assign back the original SAP authorization class the authorization object intended to.
Step 6: Important Do not regenerate the authorization profile SAP_ALL.
Good Luck ;-)
Regards,
Malathesha Sodad.
↧
Authentication between SCC and backend ABAP system
Currently having authentication issue between our SCC and backend ABAP system
Steps done so far:
- created a PK12 Cert and loaded it in SCC (CA Cert and System Cert)
- loaded the same Cert in STRUST of ABAP backend system
- created cert from Principal Propagation to use in CERTRULE in backend ABAP system
↧
Transport Overwrite
Hello Friends, We have come across a situation where transport gets overwritten by some other transport and we lose the changes done in the roles. For Example :- Suppose if Role1 has been changed and transport have been generated Say TR1 and the same role has been changed after some time and TR 2 has been generated. Now During production transport, TR2 has moved first and then TR1 goes. Now changes are overwritten. What can be the possible solutions to overcome this? One solution we came across is:- Checking SE03 Transport Organizer for the same role. If there are two transport then we would need confirmation from the change owner that when will his transport go and then we can transport the latter changes. Please let me know if there is any other solution as well
Message was edited by: Mili Airen
↧
↧
T code FPL9 authorization restriction
Hello Experts,
I have a situation wherein I need to restrict the users to only viewing Utility accounts on FPL9, not the Property Tax account. However when I checked the Auth Objects for FPL9, I do not find any option to restrict Property tax account on FPL9.
Please suggest
Regards
Piyush
↧
Re: Transport Overwrite
Mili,
The solution to this problem is for the security developer to not send transports out of order. Before you start to make a change to role, verify that there are no transports in flight for that role, and that the date and time stamp on the role is the same in PROD as in DEV and Test. If there is a stale transport of the role that never made it to PROD, confirm it before creating a new transport.
Gretchen
↧
Re: Transport Overwrite
Hi Gretchen, This is similar as SE03, right where we check if a role is include in more then 1 transport request and if that request is in modifiable state..
↧
Re: T code FPL9 authorization restriction
Hi Piyush, I am not sure, but may be something through SPRO can be configured. If not then we can use authorization group I suppose.
May be this link can help you https://scn.sap.com/thread/1261426
↧
↧
Re: SNC Activation Problem
Hi Sjamal,
The parameter "snc/enable" is not the one with problems. When set to 1 this parameter will only enable SNC in your application server, and if your server does not starts this means that there is issues with your SNC configuration and not with the parameter itself.
A common issue that leads to this system behavior is when the Subject of the SNC PSE does not match the value in the snc/identity/as parameter.
The correct procedure here is:
1. Recreate the SNC PSE so the subject of it matches the value in the snc/identity/as. Restart the system. Please notice that in this first step snc/enable must be set to 0;
2. Set snc/enable to 1. Restart the system.
The procedure must be done in this order.
However if you are still facing issues with this configuration please provide the relevant error messages from the dev_w0.
Cheers,
Filipe Santos
↧
Re: T code FPL9 authorization restriction
Hello Mili,
Thanks for taking up this concern. Could you please elaborate more on the SPRO options for me?
Also, please guide me towards how could I go ahead and create an authorization group for this requirement. Thanks
Regards
Piyush
↧
Re: T code FPL9 authorization restriction
Hi Piyush, The above link will guide you. Please check this link. https://scn.sap.com/thread/1261426
↧
Re: Transport Overwrite
Hi Mili, SE03 would help only if the person who made the change to role ahead of you created the transport request for his change. If he did not yet create transport request and you use SE03 you might think that yours is the only change and go ahead with moving your transport to Production. The end result being that you also moved the changes made by the person to the role ahead of you.
As Gretchen suggested, the best practice is to make sure that the role is same in Dev and Prod even before you make the change. This can be done my checking the date and time stamp of the role in Dev and Prod or by comparing the role in Dev with Prod using SUIM-> comparison of roles across system. If you find that the role in Dev is not same as in Prod, stop making your changes until you find out the reason. It could be someone making the change and sitting on it without creating transport, or it could be that the role is in test environment still being tested and not yet made to Prod. If it is the second case check with the change owner and co-ordinate with him on moving both your changes to Prod.
↧
↧
Customizing authorization
Hello Experts,
I have some questions regarding customizing authorizations. And I kindly ask for your opiinion:
1. To grant a Person with duties to customize e.g. module SD I´ve marked node SD in SPRO and then created a role with all necessary Transactions, tables --> SPRO, SM30, relevant tables, AND all the S_ALR* Transactions which are associated to this node
Questoin: How can I identify all the S_ALR*Transactions which lead to Badi activities?
2. If I turn this customizing role to Display only, idea is to assign ACTVT=3 only. Do you agree with this Approach? Are Badis critical in this role?
Thanks in advance!
↧
Re: Mass role creation and addition of tcodes to role menu
hi sabyasachi rudra,
could you please tell me how you solved the issue even i do have the same requirement and same problem.
Thanks,
sravanthi
↧
Re: Validate Keystore from mapping java UDF (SAP PI 7.4 java only)
Martím,
Did you resolved the issue? I have the same problem.
Thanks.
↧
Re: Authorization Object
Hi,
you can do it with SE63.
Chose
-> Translation
-> ABAP Objects
-> Transport Object
Fill the transport object fields with R3TR SUSC and the name of your authorization class.
Or fill the transport object fields with R3TR SUSO and the name of your authorization object.
Regards,
Klaus
↧
↧
Re: Authorization Object
Translation is of course available, just call SE63 and input some ok_code like 'UO' (*) else you can use Klaus's option (Repository/Transport Objects)
Regards,
Raymond
(*) for list of those shortcuts, browse table LXE_ATTOBT
↧
Re: Error in ECATT command TCD PFCG
hi Milli Airen,
sorry for the late reply,as i tried in different ways to solve issue. Actually here the problem is i am create roles but tcodes are not added.so I ran the script in Foreground mode, up to role name and role text script is working good whenever it comes to menu tab script is strucking at the field =%_GC 22861 and this value is changing every time.If go back again next role is creating.
I don't know why its happening.
↧
Re: Authorization Object
Thank you so much (
'O 'Small Letter makes change). Clear and beautiful answer.
↧